Software to my e-mail addresses and hashes from the database? [website software] [hash]

Posted by admin on July 31, 2011 Leave a comment (0) Go to comments

Q: Im doing a LOT of upgrades and changes to my Web site software, and I could really use the following:

A tool to go through a SQL database downloaded and stripping of user names and hashes, then place them in a beautiful list.

USERNAME HASH
USERNAME HASH
USERNAME HASH

And a separate e-mail to all addresses in the text file strip, remove duplicates, and list them.

Re:sample: INSERT INTO phpbb_users (user_id, user_active, username, user_password, user_session_time, user_session_page, user_lastvisit, user_regdate, user_level, user_posts, user_timezone, user_style, user_lang, user_dateformat, user_new_privmsg, user_unread_privmsg, user_last_privmsg, user_emailtime, user_viewemail, user_attachsig, user_allowhtml, user_allowbbcode, user_allowsmile, user_allowavatar, user_allow_pm, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_rank, user_avatar, user_avatar_type, user_email, user_icq, user_website, user_from, user_sig, user_sig_bbcode_uid, user_aim, user_yim, user_msnm, user_occ, user_interests, user_actkey, user_newpasswd) VALUES('146', '0', 'fionafairchild1', '60cfcf5e03c5c949f6d1d0f4acefbd11', '0', '0', '0', '1092791459', '0', '0', '0.00', '3', 'english', 'D M d, Y g:i a', '0', '0', '0', NULL, '0', '1', '0', '1', '1', '1', '1', '1', '0', '1', '1', '0', '', '0', 'kitteekat3@yahoo.com', '', '', '', '', '', '', '', '', '', '', '250dc3', NULL);

Re:Yeah, I only seem to get the people with passwords like 'monkey' and 'mustang11'.

Re:Originally posted by: amdfanboy

Originally posted by: guy

Originally posted by: guy
very likely the .sql file is a bunch of insert statements in a text format. you can either load those into a new database and query the results you want (which is pretty easy if you have a database like mysql installed locally) or you can do text processing through something like perl. open up the file in a text editor and see if you can find some insert statements that contain the data you want. if you find them, then maybe you can paste a couple of lines (with any personal information obscured) so that we can see the format. extracting the text from those lines should not be difficult at all.

reversing the hash into a user's password will be a bit of a pain though.

The way hashing is designed, there is data loss when the password is converted to hash (at least for commonly used MD5, SHA etc). You don't actually store any password in the database, just the hash of the password.

Therefore even you have some ub3rl33t skills, a lot of computing power and a lot of time, you probably still cannot get the full password from a hash..

Could you not just check for matches against known hashes?

Yes. It could take years and plenty of hardware to get a usable list.

Re:I will not reverse the hash, I will be replacing it into the new database so they can use their old passwords, and they will also be able to send new passwords to their email.

Hang on I'll copy some lines of syntax. It's PHPBB2.

Re:Originally posted by: guy
I'm doing a LOT of upgrades and changes to my website software, and I really could use the following:

A tool to go through a downloaded SQL database and strip out usernames and hashes, then place them in a nice list.

USERNAME HASH
USERNAME HASH
USERNAME HASH

And a seperate one to strip all the email addresses out of the text file, remove duplicates, and list them.

Try this, it may need some modification.

Re:Originally posted by: guy

reversing the hash into a user's password will be a bit of a pain though.

Therefore even you have some ub3rl33t skills, a lot of computing power and a lot of time, you probably still cannot get the full password from a hash..

Could you not just check for matches against known hashes?

Re:Originally posted by: guy
very likely the .sql file is a bunch of insert statements in a text format. you can either load those into a new database and query the results you want (which is pretty easy if you have a database like mysql installed locally) or you can do text processing through something like perl. open up the file in a text editor and see if you can find some insert statements that contain the data you want. if you find them, then maybe you can paste a couple of lines (with any personal information obscured) so that we can see the format. extracting the text from those lines should not be difficult at all.

reversing the hash into a user's password will be a bit of a pain though.

Therefore even you have some ub3rl33t skills, a lot of computing power and a lot of time, you probably still cannot get the full password from a hash..

Re:very likely the .sql file is a bunch of insert statements in a text format. you can either load those into a new database and query the results you want (which is pretty easy if you have a database like mysql installed locally) or you can do text processing through something like perl. open up the file in a text editor and see if you can find some insert statements that contain the data you want. if you find them, then maybe you can paste a couple of lines (with any personal information obscured) so that we can see the format. extracting the text from those lines should not be difficult at all.

reversing the hash into a user's password will be a bit of a pain though.

Re:I don't have permission to use phpmyadmin. My database has been cleared (the old one) all I have is this .sql file that was in a tarball.

I will check on the users and file sizes.

Re:Does your server have phpmyadmin installed?

How big is your db?

How many users do you estimate to have?

Oh yeah…

And giving "root access" to anyone including guy is not a good idea. They WOULD have access to all of your users emails and hashes.

Re:Actually, I made a site using PHP-fusion.

I don't know how to use SQL.

I'm switching to Xaraya.

Re:Originally posted by: guy
Welcome to Anandtech, you can't post a good question without getting accused of doing something illegal or immoral. Only stuff like, "How do I resize a pic in MS Paint". I wish I knew how to help ya.

You gotta admint though, the name Plagiarist is kinda "Hax0r1sh"

I gave him a legitimate answer. He made a site that uses SQL, he can extract a bit of data from that database.

EDIT: Maybe something like SELECT * FROM $TABLE_OF_EMAILS; .

Re:When I first signed up I was just going to copy something and never post.. then I needed computer help and you guys were great and I got addicted.

Now who knows where I can get some software to do this? Like, just pull all the emails out of the gobbledygook so I can email my members and tell them to sign up on the new site.

Re:Welcome to Anandtech, you can't post a good question without getting accused of doing something illegal or immoral. Only stuff like, "How do I resize a pic in MS Paint". I wish I knew how to help ya.

You gotta admint though, the name Plagiarist is kinda "Hax0r1sh"

Re:I'd be happy to show you all my own stuff short of revealing member's hashes or email addresses or giving you root access to my webserver to prove that I only want this for my own personal use.

Re:Originally posted by: guy
You are very cynical.

I am not a hacker.

I didn't say you were. I didn't think compliments were appropriate.

Re:You are very cynical.

I am not a hacker.

Re:If you know a little bit of SQL it shouldn't be too tough. The tough part is cracking the passwords. Selling the email addresses should be easy too.

Re:oh, and if anyone knows where I can find something to do this, that would be great.

Softwarehash, website software

← I want to access blocked XP Pro files to an external drive [external hard drive] [knoppix]

in winXP to boot the PC, how do I make it so that the password is open when Windows is loaded ready? [finished loading] [windows xp] →

SSN Software

Computer Software and Hardware

Software to my e-mail addresses and hashes from the database? [website software] [hash]

Related posts

0 Comments.

Leave a Reply

Categories

Recent Posts

Search by Tags!

Archives

Links

Meta